CVE-2017-8172

EPSS 0.06%
Veröffentlicht 22.11.2017 19:29:04
Zuletzt bearbeitet 20.04.2025 01:37:25
Quelle psirt@huawei.com
Teams Watchlist Login
Unerledigt Login

Isub service in P10 Plus and P10 smart phones with earlier than VKY-AL00C00B157 versions and earlier than VTR-AL00C00B157 versions has a denial of service (DoS) vulnerability. An attacker tricks a user into installing a malicious application on the smart phone, and the application can send given parameter to specific interface, which make a out-of-bounds array access that results in smart phone restart.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 5

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Huawei ≫ P10 Plus Firmware Version < vky-al00c00b157

Huawei ≫ P10 Plus Version-

Huawei ≫ P10 Firmware Version < vtr-al00c00b157

Huawei ≫ P10 Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.06%	0.16

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	5.5	1.8	3.6	CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
nvd@nist.gov	7.1	8.6	6.9	AV:N/AC:M/Au:N/C:N/I:N/A:C

CWE-129 Improper Validation of Array Index

The product uses untrusted input when calculating or using an array index, but the product does not validate or incorrectly validates the index to ensure the index references a valid position within the array.

http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170628-01-isub-en

Vendor Advisory

http://www.securityfocus.com/bid/99370

Third Party Advisory

VDB Entry

https://nvd.nist.gov/vuln/detail/CVE-2017-8172

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2017-8172

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2017-8172

EUVD